Twitter: Access control via post-it note

(obligatory hax0r stock photo)
Is there still no way to give an employee the ability to post to Twitter from their phone without sharing the password with them?

If you use TweetDeck on a desktop, you can set up a "Team" where an employee has their own password, and has the ability to post to the business account, but does not have access to the password that can lock everyone else out.

But as far as I can tell, there's no way to do this on mobile. As they rolled out "teams" over two years ago, I assume they have no plans to fix this oversight.

I guess I could host my own access-controlled web page that allowed my employees to post text and images to a form, and then have it twit on the back end... but that would totally not work at all for video. (All of the social media apps resize the video locally first and then upload it in resumable chunks, and with good reason. You can't accomplish this sort of thing without a native app.)
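A sketch of the text-only half of that self-hosted idea, as an added example that is not part of the original post: each employee gets an individual, revocable token, and the account credential stays on the server. `PostingGateway` and the `publish` callable are hypothetical names; `publish` stands in for whatever back-end code actually posts to the account.

```python
import hashlib
import secrets
import time


class PostingGateway:
    """Employees hold per-person tokens; the account credential never leaves the server."""

    def __init__(self, publish):
        self._publish = publish   # hypothetical callable that posts with the account credential
        self._tokens = {}         # sha256(token) -> employee; raw tokens are never stored
        self.audit = []           # (timestamp, employee, action)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def _log(self, employee, action):
        self.audit.append((time.time(), employee, action))

    def enroll(self, employee):
        """Issue a fresh token; it is shown once and only its hash is kept."""
        token = secrets.token_urlsafe(32)
        self._tokens[self._digest(token)] = employee
        self._log(employee, "enrolled")
        return token

    def revoke(self, employee):
        """A lost phone costs one token, not the account password."""
        for digest in [d for d, e in self._tokens.items() if e == employee]:
            del self._tokens[digest]
        self._log(employee, "revoked")

    def post(self, token, text):
        employee = self._tokens.get(self._digest(token))
        if employee is None:
            self._log("unknown", "rejected")
            return False
        self._publish(text)
        self._log(employee, "posted")
        return True


if __name__ == "__main__":
    sent = []                                  # constructed stand-in for the real account
    gw = PostingGateway(sent.append)
    alice = gw.enroll("alice")
    gw.post(alice, "Doors at 9.")
    gw.revoke("alice")                         # phone lost
    print(gw.post(alice, "oops"), sent)
```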


9 Responses:

  1. Kevin Burke says:

    I might be missing something, but if you install Tweetbot or a similar 3rd party app, and log into it on their phone (so they don't see the password), they'll be able to post from the logged-in account, but not be able to change the password - you can't do that in the Tweetbot app.

    • jwz says:

      Twitter's official policy is that third party apps don't exist, so relying on them is foolish because they can and do regularly pull the rug away.

      Just because that app doesn't show the user the password doesn't mean the password isn't stored in plain text on the phone. Hint: it is. And knowing that password lets you change the password.

      I trust my employees not to do this on purpose, but I sure don't trust them not to lose their phones.

      • Erorus says:

        Most decent 3rd party apps use OAuth nowadays and never see the password. You log in directly to Twitter via a web view inside the app. Try one.

  2. It gets better! Even if you trust all your employees with the single, shared password, Twitter's multi-factor authentication is tied to a single phone number. So, like, set up a shared Google Voice number for everyone? And, of course, you then need some way to share the TOTP seed for that Google account, so yet another shared password with Authy or some such. Shared password all the way down...

  3. Louis Adiputra says:

    A terrible hack would be having the employees have a private 2nd account which they can post to, and a script that reads this content and reposts it on the main account. Are private videos shareable if their URL is known?

  4. Incredible how bad this aspect of Twitter is. A lot of their unique appeal comes from 'personal interaction' with corporate and political interns.

  5. Tom says:

    I use Buffer for sharing access to a Twitter account. They have mobile apps and support video.

  6. Pronoiac says:

    I think LastPass might let you specify that some users can't copy or view passwords, but it will fill out the fields on a certain page, if the webapps even have the functionality you need. This might be a Premium or Enterprise feature.

    • Not that Jamie says:

      ...and it is laughably easy to dig the password back out of that.

      Also, LastPass is best-known for their multi-year comedy sketch series, "Trust us, we're rilly rilly secure this time. Honest."

      Not to mention the UI was apparently designed by a drunk glaucoma victim, the OS X support is a broken afterthought, and the whole concept of cloud password storage is a foot bullet waiting to happen.

      Otherwise, sure, solid plan.